Quote:
Originally Posted by meeatpizza
If someone changed your password the cookie wouldn't log you in because the info on the cookie would not be right
ZOOM!!!!!!!!!!!
|
If the cookie stores a password then that is not a safe method, the cookie should store a session ID or likewise an ID that is there for peremenant logins. The ID should be deleted and renew when needed again every time the user logs out or gets their password incorrect, or when the cookie is invalid.
That's how my website does it anyway and I thought that was standard.
I will look at the cookie when I get home today.
█░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░█
█░░▓░░░░░░░▓░░░░░░░░░░░▓▓░░▓░░░░░░▓░░░▓░░░░█
█░▓░▓░▓▓▓░▓▓▓░▓░▓░░░░░░▓▒▒░░▒░░▓▓░▓▓▓░▓▒░░░█
█░▓▓▓▒▓▒▒▒░▓▒▒▓▓▓▒▓▓▓░▓▓▓░░▓░░░▓▒▒▓▒▓▒▓▒░░░█
█░▓▒▓▒▓▒░░░▓▓░░▒▓▒░▒▒▒░▓▒▒░▓▓░▓▓▒░▓▒▓▒▓▒░░░█
█░▓▒▓▒░▒░░░░▒▒▓▓▓▒░░░░▓▓▒░░░▒▒░▒▒░░▒░▒▓▓▓░░█
█░░▒░▒░░░░░░░░░▒▒▒░░░░░▒▒░░░░░░░░░░░░░░▒▒▒░█
█░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░█
I have mostly moved on from Alice, but may still respond to messages if important [¬º-°]¬